PuTTY vulnerability vuln-passwd-memdump

summary: Failure to scrub SSH-2 password from memory after use
class: vulnerability: This is a security vulnerability.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.53b
fixed-in: 2003-01-10 10c1d43ac6004943e8cfb55b9a8483cc080e3ea9 (0.54)

As reported in iDEFENSE Security Advisory 01.28.03,
PuTTY 0.53b fails to scrub the password from a memory buffer after
authentication, making it trivially easy for an attacker with access
to a memory dump to recover the password. (This only applies when
using SSH-2.)

This is fixed in the nightly development snapshots as of 2003-01-10,
and will be fixed in the next stable release.
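
The class of flaw described above, as an added illustration in C (this is not PuTTY's code): the same authentication routine run without and with a wipe of the password buffer, followed by the check a search of a memory dump would amount to. The names authenticate, send_password, scrub, password_in_memory and PW_CAP are hypothetical, and the password is a constructed sample value.

```c
#include <stdio.h>
#include <string.h>

#define PW_CAP 64

/* Zero through a volatile pointer so the compiler cannot drop the stores
 * as dead writes to a buffer that is never read again. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical stand-in for sending the SSH-2 password auth request. */
static int send_password(const char *pw) { return pw[0] != '\0'; }

/* Copy the typed password into buf (PW_CAP bytes) and authenticate.
 * do_scrub == 0 leaves the buffer as-is afterwards: the flaw described. */
int authenticate(char *buf, const char *typed, int do_scrub) {
    int ok;
    strncpy(buf, typed, PW_CAP - 1);
    buf[PW_CAP - 1] = '\0';
    ok = send_password(buf);
    if (do_scrub) scrub(buf, PW_CAP);
    return ok;
}

/* 1 if pw occurs anywhere in the PW_CAP-byte region (what a search of a
 * memory dump would see), else 0. */
int password_in_memory(const char *buf, const char *pw) {
    size_t i, n = strlen(pw);
    for (i = 0; n && i + n <= PW_CAP; i++)
        if (memcmp(buf + i, pw, n) == 0) return 1;
    return 0;
}

int main(void) {
    char buf[PW_CAP];
    const char *pw = "constructed-sample-pw"; /* constructed value */
    authenticate(buf, pw, 0);
    printf("no scrub:   found=%d\n", password_in_memory(buf, pw));
    authenticate(buf, pw, 1);
    printf("with scrub: found=%d\n", password_in_memory(buf, pw));
    return 0;
}
```

A plain memset immediately before a buffer goes out of scope or is freed can be removed by the optimiser as a dead store, which is why the wipe goes through a volatile pointer here.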